Study Reveals 8 in 10 Companies Suffered Web-Borne Attacks

New Data Shows Phishing, Spyware and Keyloggers are Extremely Disruptive to Businesses, and Large Companies are the Most Vulnerable to Data Loss and Malware

March 29, 2013

4 Min Read


BROOMFIELD, Colo., March 28, 2013 /PRNewswire/ -- A new Web security study finds that the vast majority of organizations that allow employees to freely access the Web are experiencing high rates of malware threats, including phishing attacks, spyware, keyloggers and hacked passwords. Conducted by Webroot, a leader in delivering Internet security as a service, the study reveals that Web-borne attacks are impacting businesses, with the majority of them reporting significant effects in the form of increased help desk time, reduced employee productivity and disruption of business activities. To mitigate these significant business risks a properly layered defense with effective endpoint and Web security and monitoring needs to be in place.


Top-level corporate study findings:

-- 8 in 10 companies experienced one or more kinds of Web-borne attacks in 2012 -- 88% of Web security administrators say Web browsing is a serious malware risk -- Phishing is the most prevalent Web-borne attack, affecting 55% of companies The study, which surveyed Web security decision-makers in the United States and United Kingdom, found an overwhelming 79% percent of companies experienced Web-borne attacks in 2012. These incidents continue to represent a significant threat to corporate brands. Results show that almost all of the Web security administrators agreed that Web browsing is a serious malware risk to their companies. Despite the obvious awareness of the risks, only 56% of participants said they had implemented Web security protection and more than half of companies without Web security had Web sites compromised.

"Protecting against Web-borne malware should be a high priority for all organizations since once inside a network, the propagation of malware can take down the entire company, effectively disabling an organization," said Sara Radicati, President and CEO at Radicati Group. "Finding a balance between providing employees Web access and ensuring corporate information security requires a solid Web security solution and is an essential requirement for companies to avoid this costly liability."

The major trends that are driving businesses and information technology today--mobility, social networking, BYOD and cloud computing--are also making organizations more susceptible to security attacks. More than ever, cybercriminals are taking advantage of these Web-based vulnerabilities, making the threat landscape more challenging. According to the results, phishing represents one of the fastest-growing causes of breaches and data loss as cybercriminals become progressively adept at luring users into divulging sensitive corporate data.

"It's no surprise that the latest study shows that attacks are increasing in frequency, complexity and scale. Organizations need to implement layered defenses from the endpoint to the network to understand not only what is happening but where the attacks are manifesting from and when," said David Duncan, Chief Marketing Officer at Webroot. "Given that instantaneous attacks are morphing constantly and are eluding traditional detection mechanisms, organizations require a cloud-based solution that is effective in this new environment, as well as easy to deploy, quick to respond and flexible to address today's sophisticated cyber-threats."

What can organizations do?

The new "Web Threats Expose Business to Data Loss" report provides a comprehensive analysis of the current Web-based vulnerabilities, and includes steps to reduce the risks associated with this rapidly changing threat landscape. The full report is available at

About the Research

In 2012, Webroot commissioned a study to measure the prevalence of Web-borne attacks and identify factors that mitigate the consequences. The scope of the research included companies with 100 to 4,999 employees that currently have a Web security solution or plan to implement one in 2013. From December 20 through December 24, 500 Web security decision-makers (404 in the US and 96 in the UK) completed the online survey hosted by Qualtrics. Research Now provided respondents from their online panel of IT and business executives, and Lawless Research provided quantitative data analysis. The margin of error for the study is +/- 4.4 percentage points at the 95 percent level of confidence.


Webroot is bringing the power of software-as-a-service (SaaS) to Internet security with its suite of Webroot SecureAnywhere® offerings for consumers and businesses. Webroot also offers security intelligence solutions to organizations focused on cyber-security, such as Palo Alto Networks, F5, Corero, SOTI, NEC, FancyFon and others. Founded in 1997 and headquartered in Colorado, Webroot is the largest privately held security organization based in the United States. For more information, visit or call 800.772.9383. Read the Webroot Threat Blog: Follow Webroot on Twitter:

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights